Commit Graph

983 Commits

Author SHA1 Message Date
Dr. Stephen Henson
a23a6e85d8 Update ticket callback docs. 2014-07-03 14:50:08 +01:00
Rich Salz
538860a3ce RT 1638; EVP_*Final() should mention they no longer cleanup the ctx. 2014-07-02 23:38:34 -04:00
Rich Salz
fc1d88f02f Close a whole bunch of documentation-related tickets:
298 424 656 882 939 1630 1807 2263 2294 2311 2424 2623
    2637 2686 2697 2921 2922 2940 3055 3112 3156 3177 3277
2014-07-02 22:42:40 -04:00
Matt Smart
5cc99c6cf5 Fix doc typo.
ERR_get_error(3) references the non-existent
ERR_get_last_error_line_data instead of the one that does exist,
ERR_peek_last_error_line_data.

PR#3283
2014-07-02 03:43:42 +01:00
Rich Salz
762a44de59 RT 3245; it's "bitwise or" not "logical or" 2014-07-01 13:00:18 -04:00
Rich Salz
854dfcd859 Fix RT 3211; "and are" -->"are" 2014-07-01 12:55:32 -04:00
Rich Salz
7b1d946051 Fix RT 2567; typo in pkeyutl page. 2014-07-01 12:49:20 -04:00
Rich Salz
42b91f28a6 Fix RT 2430; typo's in ca.pod 2014-07-01 12:47:52 -04:00
Rich Salz
d7003c4d7d Fix RT 3193 2014-07-01 12:44:32 -04:00
Jeffrey Walton
6e6ba36d98 Clarified that the signature's buffer size, s, is not used as an
IN parameter.

Under the old docs, the only thing stated was "at most
EVP_PKEY_size(pkey) bytes will be written". It was kind of misleading
since it appears EVP_PKEY_size(pkey) WILL be written regardless of the
signature's buffer size.
2014-06-29 23:34:21 +01:00
Ken Ballou
76ed5a42ea Typo.
PR#3173
2014-06-29 13:38:55 +01:00
Dr. Stephen Henson
528b1f9a9f Clarify protocols supported.
Update protocols supported and note that SSLv2 is effectively disabled
by default.

PR#3184
2014-06-29 00:07:08 +01:00
Rich Salz
a0490e02c7 RT 487. Mention that generated primes are "at least" B<bits> long. 2014-06-27 15:59:08 -04:00
Jeffrey Walton
0535c2d67c Clarify docs.
Document that the certificate passed to SSL_CTX_add_extra_chain_cert()
should not be freed by the application.

PR#3409
2014-06-27 16:39:11 +01:00
Viktor Dukhovni
8abffa4a73 Multiple verifier reference identities.
Implemented as STACK_OF(OPENSSL_STRING).
2014-06-22 20:32:35 -04:00
Viktor Dukhovni
d241b80409 More complete X509_check_host documentation. 2014-06-22 19:50:02 -04:00
Matt Caswell
115e480924 Fix minor typos 2014-06-19 23:45:21 +01:00
Hubert Kario
e42d84be33 add references to verify(1) man page for args_verify() options
cms, ocsp, s_client, s_server and smime tools also use args_verify()
for parsing options, that makes them most of the same options
verify tool does. Add those options to man pages and reference
their explanation in the verify man page.
2014-06-19 23:09:21 +01:00
Hubert Kario
2866441a90 sort the options in verify man page alphabetically
just making sure the options are listed in the alphabetical order
both in SYNOPSIS and DESCRIPTION, no text changes
2014-06-19 23:09:21 +01:00
Hubert Kario
cd028c8e66 add description of missing options to verify man page
The options related to policy used for verification, verification
of subject names in certificate and certificate chain handling
were missing in the verify(1) man page. This fixes this issue.
2014-06-19 23:09:21 +01:00
Hubert Kario
ce21d108bd smime man page: add missing options in SYNOPSIS
-CAfile and -CApath is documented in OPTIONS but is missing
in SYNOPSIS, add them there
2014-06-19 23:09:21 +01:00
Hubert Kario
6d3d579367 Document -trusted_first option in man pages and help.
Add -trusted_first description to help messages and man pages
of tools that deal with certificate verification.
2014-06-19 23:09:21 +01:00
rfkrocktk
96fc4b7250 Added documentation for -iter for PKCS#8 2014-06-17 23:10:14 +01:00
Viktor Dukhovni
a09e4d24ad Client-side namecheck wildcards.
A client reference identity of ".example.com" matches a server
certificate presented identity that is any sub-domain of "example.com"
(e.g. "www.sub.example.com).

With the X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS flag, it matches
only direct child sub-domains (e.g. "www.sub.example.com").
2014-06-12 23:19:25 +01:00
Hubert Kario
343e5cf194 add ECC strings to ciphers(1), point out difference between DH and ECDH
* Make a clear distinction between DH and ECDH key exchange.
 * Group all key exchange cipher suite identifiers, first DH then ECDH
 * add descriptions for all supported *DH* identifiers
 * add ECDSA authentication descriptions
 * add example showing how to disable all suites that offer no
   authentication or encryption
2014-06-10 20:53:07 +01:00
Matt Caswell
fa6bb85ae0 Fixed minor duplication in docs 2014-06-07 12:30:18 +01:00
Dr. Stephen Henson
01f2f18f3c Option to disable padding extension.
Add TLS padding extension to SSL_OP_ALL so it is used with other
"bugs" options and can be turned off.

This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient
option referring to SSLv2 and SSLREF.

PR#3336
2014-06-01 18:15:21 +01:00
Hubert Kario
9ed03faac4 add description of -attime to man page
the verify app man page didn't describe the usage of attime option
even though it was listed as a valid option in the -help message.

This patch fixes this omission.
2014-05-30 23:26:35 +01:00
Hubert Kario
08bef7be1e add description of -no_ecdhe option to s_server man page
While the -help message references this option, the man page
doesn't mention the -no_ecdhe option.
This patch fixes this omission.
2014-05-30 22:59:43 +01:00
Matt Caswell
3d9243f1b6 Changed -strictpem to use PEM_read_bio 2014-05-26 23:31:37 +01:00
Matt Caswell
6b5c1d940b Added -strictpem parameter to enable processing of PEM files with data prior to the BEGIN marker 2014-05-26 17:24:11 +01:00
Matt Caswell
15658d0cbf Fixed error in args for SSL_set_msg_callback and SSL_set_msg_callback_arg 2014-05-25 23:45:12 +01:00
Martin Kaiser
189ae368d9 Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352 2014-05-24 00:02:24 +01:00
Matt Caswell
085ccc542a Fixed minor copy&paste error, and stray space causing rendering problem 2014-05-22 00:07:35 +01:00
Matt Caswell
df24f29ae6 Fixed unterminated B tag, causing build to fail with newer pod2man versions 2014-05-22 00:00:23 +01:00
Viktor Dukhovni
397a8e747d Fixes to host checking.
Fixes to host checking wild card support and add support for
setting host checking flags when verifying a certificate
chain.
2014-05-21 11:31:28 +01:00
Dr. Stephen Henson
6f719f063c Change default cipher in smime app to des3.
PR#3357
2014-05-21 11:28:57 +01:00
Matt Caswell
d4b47504de Moved note about lack of support for AEAD modes out of BUGS section to SUPPORTED CIPHERS section (bug has been fixed, but still no support for AEAD) 2014-05-15 21:13:38 +01:00
Jeffrey Walton
2af071c0bc Fix grammar error in verify pod. PR#3355 2014-05-14 22:49:30 +01:00
Jeffrey Walton
18c4f522f4 Add information to BUGS section of enc documentation. PR#3354 2014-05-14 22:48:26 +01:00
Michal Bozon
ab6577a46e Corrected POD syntax errors. PR#3353 2014-05-14 21:07:51 +01:00
Jean-Paul Calderone
a4a442cccf Correct the return type on the signature for X509_STORE_CTX_get_ex_data given in the pod file. 2014-05-12 22:41:13 +01:00
Dr. Stephen Henson
89e674744d Correct example. 2014-05-12 18:41:52 +01:00
Matt Caswell
c4afc40a9b Fixed CRLF in file 2014-05-10 01:19:50 +01:00
Jeff Trawick
e5676b8328 typo in SSL_get_peer_cert_chain docs
RT: 3304
2014-05-01 13:40:01 +02:00
Matt Caswell
ba1cb9a553 Fix SSL_CONF_cmd missing =back 2014-04-27 18:57:34 +01:00
Matt Caswell
b5450d6349 Fixed minor errors in docs 2014-04-26 21:56:36 +01:00
Matt Caswell
6bcc4475fc PKCS5_PBKDF2_HMAC documentation submitted by Jeffrey Walton 2014-04-26 21:44:26 +01:00
Chris Rorvick
fa9d77dcd2 doc: Add missing =back directive.
Signed-off-by: Chris Rorvick <chris@rorvick.com>
2014-04-26 12:32:53 -05:00
mancha
8acb953880 Fix version documentation.
Specify -f is for compilation flags. Add -d to synopsis section.

Closes #77.
2014-04-26 08:09:53 +01:00